TL;DR – use a VPN or take a picture of yourself in Death Stranding
Earlier this week, the United Kingdom’s age assurance requirement for sites that publish pornographic material went into effect, which has resulted in everything from Pornhub to Reddit and Discord displaying an age verification panel when users attempt to visit. There’s just one little problem. As The Verge notes, all it takes to defeat the age-gating is a VPN, and those aren’t hard to come by these days.
Here’s the deal: Ofcom, the UK’s telecom regulator, requires online platforms to verify the age of their users if they are accessing a site that either publishes or allows users to publish pornographic material. Previously, a simple click of an “I am over 18” button would get you in. Now, platforms are mandated to use a verification method that is “strong” and “highly effective.” A few of those acceptable methods include verifying with a credit card, uploading a photo ID, or submitting to a “facial age estimation” in which you upload a selfie so a machine can determine if you look old enough to pleasure yourself responsibly.
Those options vary from annoying to creepily intrusive, but there’s a little hitch in the plan: Currently, most platforms are determining a user’s location based on IP address. If you have an IP that places you in the UK, you have to verify. But if you don’t, you’re free to browse without interruption. And all you need to change your IP address is a VPN.
Ofcom seems aware of this very simple workaround. According to the BBC, the regulator has rules that make it illegal for platforms to host, share, or allow content that encourages people to use a VPN to bypass the age authentication page. It also encouraged parents to block or control VPN usage by their children to keep them from dodging the age checkers.
It seems that people are aware of this option. Google Trends shows that searches for the term “VPN” have skyrocketed in the UK since the age verification requirement went into effect.
[…]
But the thing about Ofcom’s implementation here is that it’s not just blocking kids from seeing harmful material—it’s exposing everyone to invasive, privacy-violating risks. When the methods for accomplishing the stated goal require people to reveal sensitive data, including their financial information, or give up pictures of their face to be scanned and processed by AI, it’s kinda hard to blame anyone for just wanting to avoid that entirely. Whether they’re horny teens trying to skirt the system or adults, getting a face scan before opening Pornhub kinda kills the mood.
Source: UK’s New Age Verification Requirement Thwarted in the Simplest Way Imaginable
An X user named Dany Sterkhov appears to be the first to discover the hack. On July 25, he posted that he had bypassed Discord’s age verification check using the photo mode in the video game Death Stranding.
[…]
The Verge and PCGamer have both tried Sterkhov’s hack themselves and confirmed it works.
Most of these companies rely on third-party platforms to handle age verification. These services typically give users the option to upload a government-issued photo ID or submit photos of themselves.
Discord uses a platform called k-ID for age verification. According to The Verge’s Tom Warren, all he had to do to pass the check was point his phone’s camera at his monitor to scan the face of Sam Bridges, the protagonist of Death Stranding, using the game’s photo mode. The system did ask him to open and close his mouth—something that is easy enough to do in the game.
Warren was also able to bypass Reddit’s age check, which is handled by Persona, using the same method. However, the trick didn’t work with Bluesky’s system, which uses Yoti for age verification.
[…]
ProtonVPN reported on X that it saw an over 1,400 percent increase in sign-ups in the U.K. after the age verification requirements took effect. VPNs let people browse the web as if they were in a different location, making it easier to bypass the U.K.’s age checks.
In the U.S., laws requiring similar age verification systems for porn sites have passed in nearly half the states. Nine states in the U.S. have also passed laws requiring parental consent or age verification for social media platforms.
Source: ‘Death Stranding’ Is Helping UK Users Bypass Age Verification Laws
The problem is that besides being unenforceable you are leaving a lot of very personal data inside the age verifiers databases. These databases are clear targets and will get hacked.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft